VPC Flow Logs

You can use VPC Flow Logs to monitor traffic entering and leaving your Virtual Private Cloud.  You can monitor VPC, a subnet, or an Elastic Network Interface (ENI), and relevant network traffic can be logged to CloudWatch Logs for storage and analysis.  You can use a third-party application to consume the logs and deliver information to your management and analytical tools.  VPC Flow Logs is most likely to show up in the AWS Certified Solutions Architect Associate Exam as well as the SysOps Administrator Associate Exams

In this example, I have launched an EC2 Instance running standard Amazon Linux AMI.  The instance is launched in the Public Subnet of the default VPC and has the following ENI ID: eni-092fe904e7efeb7a3

Steps to Follow

  • Navigate to the VPC Console in your Amazon Account
  • Right-click on your VPC that you want to monitor and click Create Flow Log


You will need to set up IAM Permissions for the destination CloudWatch Account


  • Click Set Up Permissions
  • Go ahead and click Create a New IAM Role and type in a Role Name


  • Click Allow in the bottom right-hand corner of the screen
  • You will receive a ‘Success’ message on the screen
  • You also need to create a CloudWatch Logs log group to which the flow logs will be published. In another browser tab, navigate to your AWS CloudWatch Console
  • Click Create Log Group


  • Type in a suitable name and Create
  • Navigate back to the previous browser tab with the VPC Flow Configuration
  • Select the appropriate values as displayed below

  • Click Create Flow Log
  • New Flow Logs will appear in the Flow Logs tab of the VPC dashboard.
  • The Flow Logs are saved to CloudWatch Logs. Navigate back to the AWS CloudWatch Console
  • Click on the Log Group you create


  • After about 10 minutes, you will note that your ENI on your EC2 Instance is reporting to the log


  • Click on the ENI
  • You will be presented with all incoming traffic to that ENI

You can then publish this log data to a third party app for further analysis. Flows are collected, processed, and stored in capture windows that are approximately 10 minutes long. The log group will be created and the first flow records will become visible in the console about ten minutes after you create the Flow Log. You can create up to two Flow Logs on one resource.

The Flow Logs will not include any of the following traffic:

  • Traffic to Amazon DNS servers, including queries for private hosted zones.
  • Windows license activation traffic for licenses provided by Amazon.
  • Requests for instance metadata.
  • DHCP requests or responses


AWS Certification – 900 Practice Exam Questions – Get Prepared for your Exam Day!

Our AWS Exam Simulator with 900 practice exam questions comes with comprehensive explanations that will help you prepare for one of the most sought-after IT Certifications of the year.  Register Today and start preparing for your AWS Certification.

Close Popup

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

Close Popup
Privacy Settings saved!
Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

These cookies are necessary for the website to function and cannot be switched off in our systems.

Technical Cookies
In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

We use WooCommerce as a shopping system. For cart and order processing 2 cookies will be stored. This cookies are strictly necessary and can not be turned off.
  • woocommerce_cart_hash
  • woocommerce_items_in_cart

Decline all Services
Accept all Services
Open Privacy settings